<?php defined("MAIN_DIR") or die("No direct access"); // Abort unless MAIN_DIR is already defined (presumably by the including entry script; confirm). This blocks direct requests to the file but is not an authentication or authorisation check.

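// Handles submission of the "add administrator" form.
// Validation and database failures are collected in $error (keyed by field name)
// and printed by the template further down in this file.
//
// NOTE(review): nothing in this file checks the caller's session or privileges, and
// this state-changing POST carries no anti-CSRF token. Confirm that the including
// code enforces admin authentication, and add a per-session token check here.
$error = array();
if (isset($_POST['action']) && $_POST['action'] === "add")
{
	// A hand-crafted request may omit a field or send it as an array; normalise to strings first.
	$raw_login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : "";
	$raw_pass = (isset($_POST['new_pass']) && is_string($_POST['new_pass'])) ? $_POST['new_pass'] : "";
	$raw_repeat = (isset($_POST['repeat_pass']) && is_string($_POST['repeat_pass'])) ? $_POST['repeat_pass'] : "";

	// Escape with the driver's own routine instead of FILTER_SANITIZE_MAGIC_QUOTES (plain addslashes()),
	// which knows nothing about the connection and is unsafe with some multibyte charsets.
	// Assumes the connection charset was set with mysql_set_charset() — TODO confirm.
	// NOTE(review): the mysql_* extension has no prepared statements; when this code moves to
	// mysqli or PDO, bind $raw_login as a parameter instead of interpolating it.
	$login = mysql_real_escape_string($raw_login);

	if ($raw_login === "")
		$error['login'] = "Не указан логин";
	else
	{
		$exists = mysql_query("select * from `admin` where `login` = '$login'");
		if ($exists === false)
			// Previously a failed lookup was treated as "login is free" and the insert went ahead.
			$error['query'] = "Не удалось добавить";
		elseif (mysql_num_rows($exists) != 0)
			$error['login'] = "Пользователь с таким логином уже существует";
	}

	if ($raw_pass === "")
		$error['new_pass'] = "Не указан пароль";
	elseif ($raw_pass !== $raw_repeat)
		// Compare the submitted strings themselves, strictly. The old code compared two MD5 hex
		// digests with "!=", and PHP treats digests of the form "0e<digits>" as equal numbers,
		// so two different passwords could pass the repeat check.
		$error['repeat_pass'] = "Неверно указан повтор пароля";

	if (count($error) == 0)
	{
		// NOTE(review): unsalted MD5 is not suitable for password storage. It is kept only because
		// the login check (not visible here) must match this format; migrate both sides together
		// to password_hash()/password_verify().
		$new_pass = md5($raw_pass);
		$last_ip = 0;
		$last_time = time();
		$add_query = "insert into `admin` (`login`,`password`,`last_ip`,`last_time`) values ('$login','$new_pass','$last_ip','$last_time')";

		if (mysql_query($add_query)) {
			// to() is defined elsewhere; presumably it redirects to the user list — confirm it also stops execution.
			to("/admin/site/users/");
		} else {
			$error['query'] = "Не удалось добавить";
		}
	}
}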

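// Page output: shared admin header, validation errors (if any), the "add user" form, shared footer.
require_once ADMIN.HEADFILE;
?>
<div align="left">
<h1>Добавление пользователя</h1>
<hr /><?php
// Every message in $error is a fixed literal assigned earlier in this file, so it is printed as-is.
// Escape here as well if request data is ever placed into a message.
if (count($error) > 0)
	echo "<p style='color:red'>".implode("<br />",$error)."</p>";
?><form method='POST'>
<input type='hidden' name='action' value='add' />
<table cellpadding='5' cellspacing='0'>
	<tr>
		<td width="150px">Логин</td>
		<td width="300px">
			<?php /* The submitted login is request data echoed into a single-quoted attribute: it must be HTML-escaped with ENT_QUOTES, otherwise it is reflected into the page verbatim. Non-string input (an array) is not echoed. Assumes the page charset matches htmlspecialchars()'s default — TODO confirm. */ ?>
			<input style='width:100%' type='text' name='login' value='<?php if (isset($_POST['login']) && is_string($_POST['login'])) echo htmlspecialchars($_POST['login'], ENT_QUOTES);?>' />
		</td>
	</tr>
	<tr>
		<td>Пароль</td>
		<td><input style='width:100%' type='password' name='new_pass' /></td>
	</tr>
	<tr>
		<td>Повтор пароля</td>
		<td><input style='width:100%' type='password' name='repeat_pass' /></td>
	</tr>
	<tr valign='top'>
		<td colspan='2' align="right"><button style="width:100px;height:30px" type="submit">Добавить</button></td>
	</tr>
</table>
</form>
<br /><hr /><br />
</div>

<?php require_once ADMIN.FOOTERFILE; ?>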